Article (Scientific journals)
Modeling Data Protection and Privacy: Application and Experience with GDPR
Torre, Damiano; Alferez, Mauricio; Soltana, Ghanem et al.
2021In Software and Systems Modeling
Peer reviewed
 

Files


Full Text
Modeling_Data_Protection_and_Privacy__Application_and_Experiencewith_GDPR.pdf
Author preprint (1.2 MB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
GDPR; regulatory compliance
Abstract :
[en] In Europe and indeed worldwide, the Gen- eral Data Protection Regulation (GDPR) provides pro- tection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly ben- e cial to individuals, it presents signi cant challenges for organizations monitoring or storing personal infor- mation. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a rst step towards de- signing automated methods for checking GDPR compli- ance. Given that the practical application of the GDPR is infuenced by national laws of the EU Member States,we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete trace- ability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English de- scription of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variations points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Torre, Damiano ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Alferez, Mauricio ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Soltana, Ghanem ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Sabetzadeh, Mehrdad ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
Briand, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
External co-authors :
no
Language :
English
Title :
Modeling Data Protection and Privacy: Application and Experience with GDPR
Publication date :
2021
Journal title :
Software and Systems Modeling
ISSN :
1619-1374
Publisher :
Springer, Germany
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
Name of the research project :
IMOREF
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 30 September 2021

Statistics


Number of views
202 (35 by Unilu)
Number of downloads
552 (28 by Unilu)

Scopus citations®
 
10
Scopus citations®
without self-citations
8
OpenCitations
 
6
WoS citations
 
5

Bibliography


Similar publications



Contact ORBilu